90c244948a
- Modified task status update instructions in AGENTS.md files to refer to corresponding sprint files as `/docs/implplan/SPRINT_*.md` instead of `docs/implplan/SPRINTS.md`. - Added a comprehensive document for Secret Leak Detection operations detailing scope, prerequisites, rule bundle lifecycle, enabling the analyzer, policy patterns, observability, troubleshooting, and references.
StellaOps VEX Consensus Lens
VEX Lens computes deterministic consensus across conflicting VEX statements while preserving raw provenance.
Responsibilities
- Ingest VEX evidence from Excititor and align it to SBOM inventory.
- Apply issuer trust weights, freshness rules, and policy-defined tie breakers.
- Publish consensus snapshots and disagreement metadata for Policy Engine and Explorer surfaces.
- Expose APIs for explainability and offline bundle exports.
Key components
- Consensus computation service and job pipeline.
- Consensus store with versioned snapshots.
- Explain trace generator for disagreements.
Integrations & dependencies
- Excititor for raw VEX ingestion.
- Policy Engine for applying consensus in suppression flows.
- Vulnerability Explorer and Advisory AI for evidence overlays.
Operational notes
- Trust model configuration and issuer scoring dashboards.
- Offline kit packaging of consensus snapshots.
- Telemetry on issuer coverage and disagreement counts.
Epic alignment
- Epic 7: VEX Consensus Lens.
- Lens implementation stories tracked in ../../TASKS.md.